Collaborate Disseminate
Could anyone suggest a system to prevent DDOS attacks without collecting personal data like i.p. addresses ( or using anonymized data ) and be not deny access to an innocent user ?
Continue reading Preventing DDOS attacks without collecting personal data?
Here’s my not so theoretical scenario: A day-one Trojan horse attack where the attacker sets up a secure connection back to himself using a well known trusted port, such as 80 21 443. Or for instance, if a malicious user takes advantage of… Continue reading SNORT rule for detecting/preventing unauthorized VPN or encrypted traffic
I have been writing on some code that automatically puts together differently parameterized attacks of common pen testing tools, i.e. sqlmap, nmap, patator etc. These attacks are then launched against two or three targets. I wanted to capt… Continue reading How does one label malicious traffic in generated workloads?
Snort newbie here. I don’t know what I’m doing wrong and I hope someone can help me.
I set up snort on a pfSense VM, on the WAN interface i have a Kali VM connected, on the LAN interface there is a Ubuntu VM. The Port 443 to the Ubuntu VM … Continue reading Snort throws no alerts at php/meterpreter_reverse_tcp connection?
I want to test Snort IDS. The above datasets are availables only in .txt format.
Does implementing a Network Intrusion Detection System (NIDS) give you any advantages over an Endpoint Detection and Response (EDR) solution?
I’ve been trying to do research on this, but are struggling to find good sources comparing the tw… Continue reading Is there any advantages in using a Network Intrusion Detection System, when already having a EDR solution?
I wanted to know if anyone had experience sensoring single flows that generate 90 kpps or upward of traffic. My conundrum is that I use tools which I would like to be able to properly see an entire flow with (Zeek, Suricata), however both … Continue reading Processing Exceptionally High Volume Singular Flows
I am working on a personal project using a custom IDS together with PfSense firewall. There are a few online datasets containing pcap files of benign and attack traffic, my goal would be to replay these pcaps to the firewall so that I can … Continue reading Replaying PCAPs to test firewall [closed]
Are there similarities between stateful inspection firewalls (SIF) and intrusion detection systems (IDS)? Can SIF and IDS be combined and why and how?
I know that a SIF recognize if a packet is initiating a new connection or if it belongs … Continue reading stateful inspection firewalls (SIF) and intrusion detection systems (IDS) [closed]
I want to install and run scanlogd from my Ubuntu 16.04 machine. I am able to install and run it with apt-get install scanlogd and it works fine.
But I am not able to change the parameters like log count threshold or max length of a messag… Continue reading How to install and use scanlogd